UK Finance warns SMEs of increased risk of targeted scams

UK Finance’s Take Five to Stop Fraud campaign is warning UK small and medium sized enterprises (SMEs) to be alert for scams targeting their companies.

As many businesses start the new year with people working from home, fraudsters will try to take advantage of opportunities to steal money where firms might be working outside of their normal processes. Criminals often attempt to impersonate a chief executive, senior manager, or supplier to try and convince staff to make an urgent payment or to change the existing bank account details held on file.


These scams result in the victim transferring money to a criminal – UK Finance figures showed that in the first half of 2021, businesses saw £59.2 million lost to these frauds, an increase of 35 per cent.


In a survey conducted for the Take Five to Stop Fraud campaign, 80 per cent of SMEs said they had received an unsolicited text or email request for money and personal information and 64 per cent had received unsolicited phone calls.


The survey also found that although 62 per cent of SMEs claim to be more aware of fraud since the start of the pandemic, a concerning one in six (16 per cent) did not challenge an unsolicited phone call requesting money or personal information.


The Take Five to Stop Fraud campaign urges businesses to remember that criminals are experts at impersonating people, organisations and the police. Stop and think. It could protect you and your company.

  • STOP: If you receive a request to make an urgent payment, change supplier bank details or provide financial information, take a moment to stop and think.

  • CHALLENGE: Could it be fake? Verify all payments and supplier details directly with the company on a known phone number or in person first.

  • PROTECT: Contact your business’s bank immediately if you think you’ve been scammed and report it to Action Fraud.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said: 

Criminals are continually becoming more sophisticated and are experts at impersonating people and suppliers. As we start the new year, businesses should make it a priority to be wary of any unexpected contact requesting an urgent payment and to be careful with the type of information you share online about your business.
“The banking industry is tackling fraud on every front, but It’s important for businesses to always stay alert and when in doubt, remember the advice of the Take Five to Stop Fraud campaign to Stop, Challenge, Protect.

Liz Barclay, Small Business Commissioner, said:

Data shows scams are on the rise and businesses are having to grapple with the fall out. Suffering losses because of fraud can leave your finances in ruin. Imagine that a supplier emails you, saying that they need urgent payment to new bank details. It would be very easy to get sucked in by an email which looks genuine when you’re in a rush. Please, please take nothing at face value and check with anyone you need to pay before responding to texts, emails or calls. We need to make it impossible for the scammers to scam us.

Federation of Small Businesses National Vice Chair Policy and Advocacy Martin McTague said:


Business crime is a serious issue for small firms right across the country, with fraud being one of the key problems at hand and one that has only been accelerated due to the increase in online trading and e-commerce during the pandemic.“Small businesses face almost four million cases of cybercrime each year, predominantly focussed on malware and fraudulent payments, so the need for vigilance has never been more important.
“The ‘Take Five to Stop Fraud campaign to Stop, Challenge, Protect’, is a crucial one to highlighting the issues related to these crimes, and reminding all businesses that no-one is immune from attack. Criminals are nimble, agile, and using more creative and sophisticated ways of targeting their victims, and that requires a similarly nimble set of defences in return.
“Only by raising awareness of these sorts of fraud cases will we stand a chance of protecting small businesses for the future.

Data collected by Barclays has shown that between January and October 2021 the sectors reporting the most cases of SME scams were property and construction (24 per cent), retail and wholesale (18 per cent), business services (15 per cent), and manufacturing and transportation (12 per cent).


Common scams targeting business include:

  • CEO scam: criminals impersonate a boss or a senior manager to convince staff to make an urgent payment outside of their business’s internal procedures. Sometimes they gain access to a business’s email account by hacking or use spoofing software to email a member of the finance team with what appears to be a genuine email from their boss or a senior manager.

  • Invoice and mandate scams: criminals pose as regular suppliers and convince the business to change their existing bank account details on file. They are then tricked into sending money to the account which is controlled by a criminal rather than the genuine supplier.

A woman in Kent saved her employer half a million Euros by cleverly identifying a fraudulent email. Just a few months into a new role within the Accounts Payable department at a UK based manufacturing company, the woman received an email claiming to be from a longstanding supplier saying they’d changed their bank details. She challenged the change, flagging it to her MD and her gut feeling was right. It was a scam.


The woman says, “It was such a huge relief to hear my suspicions were correct and I wasn’t being over cautious. I’d have felt so silly if the email had turned out to be legitimate, but it would have been even worse if I had paid and lost the company such a large amount of money. The impact would have been devastating. It’s really easy when you get an email like that, especially when you’re juggling a hundred other things, to just pay it.


Taking a few minutes to confirm bank details directly with suppliers using their established on-file details can have huge rewards. Only criminals will try to rush you so make sure you don’t step outside your usual payment processes. A good boss will be grateful that you’re taking steps to protect the business.”


Hundreds of millions of pounds worth of fraud and scams have been prevented through industry initiatives such as the specialist police unit, the Dedicated Card and Payment Crime Unit (DCPCU), which is fully funded by the banking and finance industry. The industry also works with text message providers and law enforcement to block scam text messages, and with Ofcom to crack down on number spoofing.

 

Businesses in the West Midlands can sign up for a free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.

 

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.